Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt

Paul Wouters <paul.wouters@aiven.io> Mon, 06 June 2022 17:43 UTC

Date: Mon, 06 Jun 2022 13:43:26 -0400
From: Paul Wouters <paul.wouters@aiven.io>
To: openpgp@ietf.org
In-Reply-To: <165453577116.17285.7902041139949315015@ietfa.amsl.com>
Message-ID: <34246965-677b-fb67-c7ff-5dae5945a985@nohats.ca>
References: <165453577116.17285.7902041139949315015@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fZo7KQXCoej3Gr5mtQRQgC7SoT0>

On Mon, 6 Jun 2022, internet-drafts@ietf.org wrote:

> Subject: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt

> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-openpgp-crypto-refresh-06

A list of changes, excluding non-substantive changes, for this diff is
listed below.

Paul


- bump to draft version -06
- update authors
- Offer simple approach for v5 fingerprints on smartcards
- Introduce Packet Criticality based on Packet Tags
- Offer simple explanation for v5 fingerprints and smartcards
- Recommend generating Intended Recipient Fingerprint
- Add note that it is okay to knowingly ignore packets.
- Clarify that unknown here means unknown packet type.
- Partition the Packet Tag space into critical and non-critical.
- Document "strict" packet type grammars
- Guidance on selecting self-signatures
- IANA directions about registering a new ECC curve
- Describe the necessary steps to register a new elliptic curve in OpenPGP
- Fix typo in Ed448 signature format
- Signature Notation Data Subpacket IANA registry fixes
- Fix ECDH parameters for v5 keys, recommend them for v4 keys.
- Update Security Considerations section
- Editorial changes to transferable key structures
- Document v4 revocation certificates
- Stronger recommendations for PKCS#1 parsing, minor editorial changes
- Clarify that textual data is encoded in UTF-8.
- Drop line about usability studies.
- Added note about this work being done in a separate document
- Add security considerations about fingerprint usability
- Clarify that User IDs and User Attributes may be intermixed
- Specify that certification revocation signatures should come first
- Don't refer to "revocation self signatures" in grammar
- Tweak TSK description to allow for missing secret key material.
- Deprecate DSA
- Deprecate Elgamal
- Deprecate RSA
- Align the Signature Notation Data Subpacket Notation Flag registry.
- Give guidance on when to emit or omit the CRC24 footer.
- Merge section "key structures" into "transferable public keys".
- clean up SHA1 collision detection pointers
- Refer to SHA1CD section in the hash algorithms table
- Clarify Detached Signatures: multiple sigs in one detached object
- Rename "Issuer" subpacket to "Issuer Key ID" subpacket
- Adjust RSA keysize recommendations.
- Stronger limits for RSA keys
- emit a deprecation warning for deprecated ciphersuites as well
- A detached signature may contain more than one signature packet
- Move all key-related sections to "Key Material Packet".
- Move section on Key IDs and Fingerprints.
- Rework subkey advice.
- Swap v3 and v5 key structure sections around, align introductions.
- Mark the draft as IETF, rather than IRTF, IAB, or independent
- Armor and CSF cleanup
- Require selecting the most recent valid self-signature
- Add zero MPI as example.
- ignore signatures with mismatched internal versioning
- Avoid incorrect secret key S2K parameter field count.
- Add V5 key structure
  Subkey version MUST match primary key version.
- Clarify what is stored as an EdDSA secret key
- guidance about userIDs, self-sigs, and key versions
- Clean up test vectors, add sample v5 cert and key
- If the signature's hash (+salt) doesn't match the header, invalidate sig.
- Clarify how to specify multiple hash algorithms in armor headers.
- Reverse guidance on unknown header keys.
- Implementations should gracefully recover from malformed headers.
- Remove the multi-part message framework.
- Mandate ignoring malformed or unknown signatures
- Fix cardinality of user-ids in V5 structure diagram
- Add key structure of revoked V5 primary key
- Add more justification for signature salts
- Move an ECC Security Considerations bullet to its own subsection
- Guidance about when to look for (or not look for) a UID self-sig
- Clarify that a self-sig over a User ID is not required for v5 keys.
- document existing convention about v4 certificates
- Test Vectors: add v5 certificate and secret key
- Test vectors: set off AEAD test vectors as sourcecode objects
- Test vectors: OCB and GCM descriptions had copy-pasted AEAD algo identifiers
- Test vectors: add ASCII-armored forms of sample v4 Ed25519 key and signature
- Test vectors: clarify that the sample EdDSA key and signature use Ed25519
- Test vector: clarify that the sample signature time is in UTC
- Fix sample ed25519 signature
- Clarify descriptions of Argon2 test vectors, annotate as sourcecode
- update acknowledgements section.
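As an added example (not code from the draft or from this message), a toy packet-header walker that applies the critical/non-critical partition of the packet tag space that several items above refer to: it assumes the draft's split of tags 0..39 critical and 40..63 non-critical, and a constructed set of "known" tags; unknown critical packets abort processing while unknown non-critical ones are skipped.

```python
import struct

# Constructed subset of packet tags this toy reader claims to implement.
KNOWN_TAGS = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17, 18, 19}

def is_critical(tag: int) -> bool:
    """Tags 0..39 are critical, 40..63 non-critical (partition from the draft)."""
    return 0 <= tag <= 39

def parse_header(buf: bytes, off: int):
    """Return (tag, body_offset, body_length) for the packet starting at off."""
    first = buf[off]
    if not first & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set")
    if first & 0x40:                      # new-format header, 6-bit tag
        tag, b0 = first & 0x3F, buf[off + 1]
        if b0 < 192:                      # one-octet length
            return tag, off + 2, b0
        if b0 < 224:                      # two-octet length
            return tag, off + 3, ((b0 - 192) << 8) + buf[off + 2] + 192
        if b0 == 255:                     # five-octet length
            return tag, off + 6, struct.unpack(">I", buf[off + 2:off + 6])[0]
        raise ValueError("partial body lengths are out of scope for this example")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format, 4-bit tag
    if ltype == 3:
        raise ValueError("indeterminate length is out of scope for this example")
    nbytes = (1, 2, 4)[ltype]
    return tag, off + 1 + nbytes, int.from_bytes(buf[off + 1:off + 1 + nbytes], "big")

def walk(buf: bytes):
    """Classify every packet: process, ignore (unknown non-critical), or abort."""
    out, off = [], 0
    while off < len(buf):
        tag, body, length = parse_header(buf, off)
        if body + length > len(buf):
            raise ValueError(f"packet tag {tag} runs past end of input")
        if tag in KNOWN_TAGS:
            out.append((tag, "process"))
        elif is_critical(tag):
            # Unknown *critical* packet: the whole message must be rejected.
            raise ValueError(f"unknown critical packet tag {tag}: abort")
        else:
            out.append((tag, "ignore"))   # unknown non-critical: safe to skip
        off = body + length
    return out

# Constructed sample: new-format User ID (tag 13), an unknown non-critical tag 42
# packet, then an old-format Signature (tag 2) header with a 1-byte body.
SAMPLE = bytes([0xCD, 3]) + b"bob" + bytes([0xEA, 2, 0, 0]) + bytes([0x88, 1, 0])
UNKNOWN_CRITICAL = bytes([0xE7, 0])   # new-format tag 39, empty body
```

walk(SAMPLE) returns [(13, 'process'), (42, 'ignore'), (2, 'process')], while walk(UNKNOWN_CRITICAL) raises because tag 39 is critical and not implemented.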